In current business environment, all types of business data are becoming more and more crucial to business success. The tremendous growth and complexity of business-generated data is driving the demand for information storage, defining the way of sharing, managing and protection of information assets.
Typically, no single technology or architecture is able to address all the needs of any organization. Main storage technologies are described, for example, in the White Paper by EMC, “Leveraging Networked storage for your business”, March 2003, USA and basically can be identified by location and connection type (intra-computer storage, direct attached storage (DAS), IP, channel networks, etc.) and by the method that data is accessed. There are three basic types of storage architectures to consider in connection with methods of data access: Block Access, File Access, and Object Access.
In block mode access architecture, the communication between a server/client and a storage medium occurs in terms of blocks; information is pulled block by block directly from the disk. The operation system keeps track of where each piece of information is on the disk, while the storage medium is usually not aware of the file system used to organize the data on the device. When data need to be read or updated, the data are directly accessed from the disk by that processor which knows where each block of data is located on the disk and how to access it. Examples of block mode access storage technologies are DAS (Direct Attached Storage), SAN (Storage Area Network), Block Storage over IP (e.g. FCIP, iFCP, iSCSI, etc.), intra-memory storage, etc.
File access requires the server or client to request a file by name, not by physical location. As a result, a storage medium (external storage device or storage unit within a computer) is usually responsible to map files back to blocks of data for creating, maintaining and updating the file system, while the block access is handled “behind the scenes”. Examples of file access storage technologies are NAS (Network Attached Storage with NFS, CIFS, HTTP, etc. protocols), MPFS (Multi-Pass File Serving), intra-computer file storage, etc. The file access storage may be implemented, for example, for general purpose files, web applications, engineering applications (e.g. CAD, CAM, software development, etc.), imaging and 3D data processing, multi-media streaming, etc.
Object access further simplifies data access by hiding all details about block, file and storage topology from the application. The object access occurs over API integrated in content management application. An example of object access storage technology is CAS (Content Addressed Storage).
The logical data objects (data files, image files, data blocks, etc.) may be transformed for transmission and/or storage. The transformation may comprise compression, encryption, encoding, conversion, etc. and/or combinations thereof. For example, data compression techniques are used to reduce the amount of data to be stored or transmitted in order to reduce the storage capacity and transmission time respectively. Compression may be achieved by using different compression algorithms, for instance, a standard compression algorithm, such as that described by J. Ziv and A. Lempel, “A Universal Algorithm For Sequential Data Compression,” IEEE Transactions on Information Theory, IT-23, pp. 337-343 (1997).
Various implementations of compressing data for storage and access to the stored data are disclosed, for example, in the following patent publications:    U.S. Pat. No. 5,813,011 (Yoshida et al.) entitled “Storage of a compressed file containing its own compression management table”;    U.S. Pat. No. 5,813,017 (Morris et al.) entitled “System and method for reducing storage requirement in backup subsystems utilizing segmented compression and differencing”;    U.S. Pat. No. 5,956,504 (Jagadish et al.) entitled “Method and system for compressing a data stream in a database log so as to permit recovery of only selected portions of the data stream”;    U.S. Pat. No. 6,092,071 (Bolan et al.) entitled “Dedicated input/output processor method and apparatus for access and storage of compressed data”;    U.S. Pat. No. 6,115,787 (Obara et al.) entitled “Disc storage system having cache memory which stores compressed data”;    U.S. Pat. No. 6,349,375 (Faulkner et al.) entitled “Compression of data in read only storage and embedded systems”;    U.S. Pat. No. 6,449,689 (Corcoran et al.) entitled “System and method for efficiently storing compressed data on a hard disk drive”;    U.S. Pat. No. 6,532,121 (Rust et al) entitled “Compression algorithm with embedded meta-data for partial record operation augmented with expansion joints”;    U.S. Patent Application No. 2002/078241 (Vidal et al.) entitled “Method of accelerating media transfer”;    U.S. Patent Application No. 2004/030,813 (Benveniste et al.) entitled “Method and system for storing memory compressed data onto memory compressed disks”;    U.S. Patent Application No. 2004/054,858 (Sashikanth et al.) entitled “Method and mechanism for on-line data compression and in-place updates”;    U.S. Patent Application No. 2006/230,014 (Amit et al.) entitled “Method and system for compression of files for storage and operation on compressed files”;    U.S. Patent Application No. 2006/190,643 (Amit et al.) entitled “Method and system for compression of data for block mode access storage”.
Data stored in plaintext is open to potential malicious use (e.g. unauthorized access, misuse, theft, etc.), and known in the art solutions for perimeter and/or access control (e.g. firewalls, Virtual Private Networks, LUN masking control and zoning in SAN storage networks, NAS security control features, etc.) still leave security vulnerabilities. Encrypting data to be stored may considerably reduce security threats; such encryption may be provided by using different algorithms known in the art. The problem of providing encryption of storing data with minimal impact on data accessibility and manageability has been recognized in the Prior Art and various systems have been developed to provide a solution, for example:
U.S. Pat. No. 5,235,641 (Kakuse et al.) entitled “File encryption method and file cryptographic system”;
US Patent Application No. 2004/153,642 (Avida et al.) entitled “Encryption based security system for network storage”;
US Patent application 2005/204,154 (Osald) entitled “Method and apparatus for cryptographic conversion in a data storage system”.
The problem of providing compression of logical data objects combined with encryption thereof also has been recognized in the Prior Art and various systems have been developed to provide a solution, for example:
U.S. Pat. No. 5,285,497 (Thatcher) entitled “Methods and apparatus for scrambling and unscrambling compressed data streams”
U.S. Pat. No. 6,122,378 (Yoshiura et al.) entitled “Method and device for compressing and ciphering data”
U.S. Pat. No. 6,154,542 (Crandall) entitled “Method and apparatus for simultaneously encrypting and compressing data”
U.S. Pat. No. 6,157,720 (Yoshiura et al.) entitled “Method and apparatus for encrypting data”
U.S. Patent Application No. 2004/218,760 (Chaudhuri) entitled “System and method for data encryption and compression”
U.S. Patent Application No. 2004/264,698 (Oda) entitled “Data encrypting device, data decoding device, image data storing device and image forming apparatus”
GB Patent Application 2,315,575 (Mansour et al.) entitled “Encryption circuit in I/O subsystem”